Nationwide, Team Viewer fraud, ombudsman

jonesMUFCforever

Can you give us the Ombudsman' reference so that we can read the adjudication for ourselves?
Great that you got the money back - I would not have given you a chance having read the thread.

bigadaj

I find it quite odd that the money can move through the uk banking system so quickly without recourse. Assuming the money isn't immediately transferred abroad then anyone opening the account into which the money is paid will surely have had to go through scrutiny, identity checks and money laundering process to open the account in the first place.

WilburW

jonesMUFCforever said:

Can you give us the Ombudsman' reference so that we can read the adjudication for ourselves?
Great that you got the money back - I would not have given you a chance having read the thread.

I had a look through emails/list of decisions on FOS website and were no entries for July at all. Perhaps they only update on a monthly basis... Corvid seems to be slowing things down.  I'll let you know once the ruling is posted. I have the Opinion letter sent both parties back in May but it isn't anonymized.

WilburW

bigadaj said:

I find it quite odd that the money can move through the uk banking system so quickly without recourse. Assuming the money isn't immediately transferred abroad then anyone opening the account into which the money is paid will surely have had to go through scrutiny, identity checks and money laundering process to open the account in the first place.

The scam involved a 'legal'ish middleman 'bit coin trader'. The entire attack was very well planned and executed by someone who knew exactly what to do and how to cover their tracks.

jonesMUFCforever

bigadaj said:

I find it quite odd that the money can move through the uk banking system so quickly without recourse. Assuming the money isn't immediately transferred abroad then anyone opening the account into which the money is paid will surely have had to go through scrutiny, identity checks and money laundering process to open the account in the first place.

People 'take over' properly opened bank accounts see this link  https://forums.moneysavingexpert.com/discussion/6175773/bank-fraud-can-anyone-help-me-make-sense-of-this

kaMelo

It's great that you've got your money back but I'm absolutely staggered by it.
I really don't know what Nationwide did wrong or how it was meant to prevent this happening and more to the point, rulings like this simply say to customers you have absolutely no personal responsibility whatsoever and give a green light to  participate in the "scam" knowing they will get it back. 
 I can also see an increased number of Nationwide customers complaining about having genuine payments blocked and accounts on hold.

If the OP could quote the DRN number I too would be interested in reading their reasoning behind the ruling.

SnowTiger

kaMelo said:

It's great that you've got your money back but I'm absolutely staggered by it.
I really don't know what Nationwide did wrong or how it was meant to prevent this happening and more to the point, rulings like this simply say to customers you have absolutely no personal responsibility whatsoever and give a green light to  participate in the "scam" knowing they will get it back. 
 I can also see an increased number of Nationwide customers complaining about having genuine payments blocked and accounts on hold.

If the OP could quote the DRN number I too would be interested in reading their reasoning behind the ruling.

I don't think Nationwide did anything wrong.

I think the FOS is of the opinion that customers who have been scammed shouldn't be left out of pocket.  I highlighted this story earlier in the thread.

I wonder what the FOS would make of this case: https://forums.moneysavingexpert.com/discussion/6175773/bank-fraud-can-anyone-help-me-make-sense-of-this.

colsten

An extraordinary ruling. Like others, I look forward to seeing the detailed rationale. Although the FOS might decide not to publish this case as the information could potentially get abused by fraudsters.

nyermen

I suspect it'll be down to the transactions being so out of character that they're "expected" to block them - a very interesting ruling for the future if that's so.  Otherwise it could be assumed that the FOS are requiring pretty much all fraud to be repaid if it can be proven to be fraud, regardless of situation.
For what its worth, team viewer is chosen presumably because it has a free option.  As mentioned, don't focus on the software name.  Any screen sharing software with a "take control" feature can do this (albeit most are paid for, but these are sophisticated scams so I'm sure they'd happily use them or start a free trial).  eg. Microsoft Lync/Skype for business, Microsoft teams, Cisco webex just off my head.  Does zoom have such an option?

WilburW

nyermen said:

I suspect it'll be down to the transactions being so out of character that they're "expected" to block them - a very interesting ruling for the future if that's so.  

Yes, and part of my reason to post in this forum is to highlight this so that anyone else who have been victim of scams know the there may be a path to getting the stolen money back, even if it can take a while. In lieu of the public decision (still no data at all from July on ombudsman site),  quoted detail below outlining the relevant industry practice in relation to the case.  In our case there was a clear anomalous pattern of significant amounts transferred out within a short timeframe which should have been held until phone authorization could have been obtained- and the bank wasn't contactable when we attempted to alert them at the time of the attack.

My other reason for sharing this more widely is to increase the awareness of this type of scam and how criminals target and are able to psychologically manipulate individuals who might be more or less susceptible - everyone in the household needs to know the patterns and what to look out for. My wife was going though a rough patch psychologically at the time of the attack, running on 3 hrs sleep (children..) during a 30 deg heatwave in July and fundamentally thought she was helping her friend due to the stolen facebook profile under control by the scammer. 
The attack was technologically advanced multi-channel using phone numbers, whats app, facebook, team viewer etc - all utilised by the attacker in manipulating her psychologically towards doing what he/she wanted. In our case it was a highly organised and well planned attack. It's easy to apply 'common sense' in hindsight when the events are laid out for inspection but please consider that everybody are a potential target and an effective scammer will recognise how to find a psychological hook, use a combination of coercion and building trust. It's social engineering and the tools don't really matter much, other than the awareness that we can't really trust that people are who they say when we're just on the other side of text messages as anyone could be typing.
 
Fundamentally it's much better for banks, customers and the ombudsman if scams don't happen - but sadly during Corvid crisis incidents gone up. 
Please don't think you or anyone in your family couldn't ever fall victim to a professional scammer and consider reading guides like this one from Which - for APP scams they seem to have up to date information including detail on the (voluntary) APP Code from the banks. 

-----------
Relevant bank practice at the time of the attack:

BSI: PAS 17271: 2017 Protecting customers from financial harm as a result of fraud or

financial abuse – Code of practice

The Code gives recommendations to organisations for protecting customers from financial harm

that might occur as a result of fraud or financial abuse; and gives guidance on how to recognise

customers who might be at risk, how to assess the potential risks to the individual and how to

take the necessary actions to prevent or minimise financial harm.

It establishes that, as a general principle, the organisation should deliver a service that:

3.1(b) takes a proactive approach to minimising risks, impact and incidences of financial harm

And it sets out systems and tools for the prevention and detection of fraud and financial abuse.

As a general point, it says organisations should ensure that all systems are developed using

technologies and methodologies that are effective in the prevention of fraud and financial

abuse, through authorised and non-authorised payments, thereby minimising the risk of

financial harm to customers. As regards to the detection of fraud and financial abuse, it says the

organisation:

5.3.1 should have measures in place across all payment channels and products to detect

suspicious transactions or activities that might indicate fraud or financial abuse. It then lists the

following examples of suspicious activity on customer accounts:

a) multiple chequebooks;

b) sudden increased spending;

c) transfers to other accounts;

d) multiple password attempts;

e) logins from new devices, multiple geographical locations;

f) sudden changes to the operation of the account;

g) a withdrawal or payment for a large amount;

h) a payment or series of payments to a new payee;

i) financial activity that matches a known method of fraud or financial abuse

And it goes on to say any suspicious transactions should be flagged on the system and the

appropriate member of staff notified

Authorised Push Payment Voluntary Best Practice Standards – issued by UK Finance

and Financial Fraud Action UK – April 2018

4

Principle 1 says - the victim bank should own fraudulent reporting and offer a 24/7 service

Principle 3: says the victim bank should act as the intermediary in the recovery of any funds.

Principle 4: says (in summary) any passing between departments should be immediate and

where that isn’t possible should be within 24 hours.

Principle 9: says the victim bank will notify allegations 24/7 365 days a year for the receiving

bank to start their assessment of the claim and notification will be made immediately once

checks have been carried out and the APP details collected. Where checks conclude that there

is a suspicion the claim is valid and monies remain, a phone call to the receiving bank to put

them on notice may be appropriate.